More and more electronic systems use portable objects, such as electronic microcircuit cards, especially to protect their applications.
For example, access control systems use portable objects. These systems include a device (connector and reader) to receive the portable objects; access is authorized when an approved portable object is presented. In this case, the operation performed is authentication of the portable object. In the field of access control, more sophisticated procedures can be used: not only authentication of an object, but also identification of its bearer can be required. In this particular case, the bearer of the object must enter his own data (confidential code, word or print recognition). Access control is therefore a basic application of portable object systems, which may be more or less complex.
Portable objects can be used in all data-processing systems, confidential or not. In such systems, they can be used to authorize access to particular users, by authentication of the object and/or identification of the bearer. In addition, for certain highly confidential data-processing applications, the most sensitive data can conceivably be stored within one of the portable objects available to special users, or coded with algorithms contained in the objects.
Everything that has just been mentioned, while not exhaustive, is generally known to the expert, so there is no need to go into depth on this point.
Note then that for a system using portable objects to be reliable, it must be able to determine that a portable object connected to it for a moment was originally designed to grant an access right to the application created by the system, i.e., the system has to authenticate the portable object.
Generally speaking, most applications that use portable objects, such as microcircuit cards, take into account at least one secret key specific to each application. This key is prerecorded in all objects that can give access to the application and in all devices to which those objects may be connected, to obtain a service or access authorization within that application. These secret keys are known only to the approved bodies that issue the cards and run the equipment that interacts with them. In each of these applications, the equipment verifies beforehand that the object does indeed have the same secret key as the one it has, but does not in any way divulge the value of that key.
This verification is generally done through an exchange of information between the object and the equipment during a dialogue. The dialogue may proceed as follows: a piece of equipment in the system generates a random number and sends it to the processing circuits of the object; the circuits calculate a result that is a function at least of the random number and of a secret key prerecorded in the memory of the object; this result is transmitted to the equipment, which compares it with another result that it calculates itself, as a function at least of that random number and of a secret key prerecorded in the equipment.
The object is verified or authenticated if the two results agree. Of course, this agreement can occur only if the secret keys stored in the object and in the equipment are identical, on one hand, and if the computational or processing algorithms are the same, on the other.
In order to prevent a defrauder from producing phony objects, it is essential to keep the nature of the keys used a secret, particularly for equipment accessible to the public. Generally, the secret keys are recorded in a part of the memory of the equipment which is then locked to prohibit access from the outside; this part is accessible only internally through the equipment's processing circuits. However, it must be admitted that fraud, although limited and technically delicate, is always possible and conceivable, and that a defrauder will use sophisticated techniques to discover the secret, such as reading the memory containing the keys with a laser.
To remedy this disadvantage, the French patent issued under number 2 600 189 in the name of the applicant provides a process that no longer uses a secret key in the equipment, and replaces that key with information that is variable in time, while allowing the equipment to authenticate objects or cards that can cooperate with it. The use of variable information complicates the work of a defrauder who seeks to observe the messages circulating in the system at any given time, since it is reasonable to assume that some of the data he is able to obtain during this observation will have changed when he wants to use it.
However, this process assumes that all of the objects that must be authenticated have the same secret key and the same processing algorithm, since a result previously calculated by one object must be able to be recalculated by another approved object.
Moreover, although the process described in this patent provides that the random number can be changed regularly, the same number is used at least twice, first when it is used to establish a reference result and secondly when it is used for subsequent authentication of another card.
The result is that a competent defrauder who sees an exchange of data between the outside medium and the portable object could attempt to reproduce that exchange to fool the system by logging on right after he sees it.
Such a risk of fraud by seeing an exchange of data exists particularly when the portable object is authenticated by a system in which there is no log-on protection and which can be logged onto physically. For example, this is true of computer networks, where authentication is done from a central computer, with the portable objects connected to each terminal; it is also true in access control systems on premises where a device for inserting the portable object is located at each access, and authentication is done by a central computer to which the various devices near each access are connected.
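The following added example (not part of the original text or of the cited patent) contrasts the dialogue described earlier, where the equipment holds the key and draws a new random number each time, with a simplified model of keyless equipment that reuses a stored number and reference result. It shows that only the second accepts an observed result when it is re-sent. HMAC-SHA256, the class and function names, and the sample key are assumptions; the text does not specify the algorithm.

```python
import hashlib
import hmac
import secrets

def card_response(key: bytes, number: bytes) -> bytes:
    # Result computed inside the object from the random number and its secret
    # key. HMAC-SHA256 is an assumed stand-in for the unspecified algorithm.
    return hmac.new(key, number, hashlib.sha256).digest()

class FreshNumberEquipment:
    """Equipment that holds the key and draws a new random number per dialogue."""
    def __init__(self, key: bytes):
        self._key = key
    def authenticate(self, responder) -> bool:
        number = secrets.token_bytes(16)
        expected = card_response(self._key, number)
        return hmac.compare_digest(expected, responder(number))

class ReferenceEquipment:
    """Keyless equipment (simplified model): keeps one random number and the
    result an approved object returned for it, then reuses that number."""
    def __init__(self, approved_responder):
        self._number = secrets.token_bytes(16)
        self._reference = approved_responder(self._number)
    def authenticate(self, responder) -> bool:
        return hmac.compare_digest(self._reference, responder(self._number))

def tapped(responder, log: list):
    # Wraps an object so every (number, result) pair on the line is recorded.
    def wrapper(number: bytes) -> bytes:
        result = responder(number)
        log.append((number, result))
        return result
    return wrapper

def run_demo() -> dict:
    key = b"constructed-sample-key"            # constructed value, not a real key
    card = lambda number: card_response(key, number)
    outcome = {}
    for name, make in (("fresh", lambda: FreshNumberEquipment(key)),
                       ("reused", lambda: ReferenceEquipment(card))):
        equipment, log = make(), []
        outcome[name + "_genuine"] = equipment.authenticate(tapped(card, log))
        replayer = lambda number: log[-1][1]   # keyless: resends observed result
        outcome[name + "_replay"] = equipment.authenticate(replayer)
    return outcome

if __name__ == "__main__":
    print(run_demo())
```

With a new random number per dialogue the recorded result no longer matches, whereas the reused number leaves the stored reference valid for whoever presents the same bytes.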
Another disadvantage, which is a consequence of the one mentioned first (same secret code and same algorithm in all portable objects), is the following: a given portable object can be used for only one application, since the use of a secret code specific to each application is what allows objects to be authenticated. In other words, a person called upon to use several different systems must have as many objects as there are systems which that person must access.
Using a specific portable object for one application is conceivable if the application also implies modification of the memory of the portable object at certain times when it is used. For example, this is true of banking applications or all other types of applications that create or use files in the memory of the portable object.
On the other hand, if the application requires simple authentication of the object with no notable consumption of memory each time it is used, using a portable object specific to each use is obviously not the best solution.